ELSA-2025-7903

Published: 22 May 2025
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2025-7903: kernel security update (IMPORTANT)

[5.14.0-570.17.1.0.1_6.OL9]

  • nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
  • Disable UKI signing [Orabug: 36571828]
  • Update Oracle Linux certificates (Kevin Lyons)
  • Disable signing for aarch64 (Ilya Okomin)
  • Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  • Update x509.genkey [Orabug: 24817676]
  • Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
  • Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
  • Add Oracle Linux IMA certificates

[5.14.0-570.17.1_6]

  • vsock: Orphan socket after transport release (Jay Shin) [RHEL-89113] {CVE-2025-21756}
  • vsock: Keep the binding until socket destruction (Jay Shin) [RHEL-89113] {CVE-2025-21756}
  • bpf, vsock: Invoke proto::close on close() (Jay Shin) [RHEL-89113] {CVE-2025-21756}
  • net: ppp: Add bound checking for skb data on ppp_sync_txmung (Guillaume Nault) [RHEL-89646] {CVE-2025-37749}
  • cgroup/cpuset: Add warnings to catch inconsistency in exclusive CPUs (Waiman Long) [RHEL-88640]
  • selftest/cgroup: Add a remote partition transition test to test_cpuset_prs.sh (Waiman Long) [RHEL-88640]
  • selftest/cgroup: Clean up and restructure test_cpuset_prs.sh (Waiman Long) [RHEL-88640]
  • selftest/cgroup: Update test_cpuset_prs.sh to use | as effective CPUs and state separator (Waiman Long) [RHEL-88640]
  • cgroup/cpuset: Code cleanup and comment update (Waiman Long) [RHEL-88640]
  • cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier() handle remote partition (Waiman Long) [RHEL-88640]
  • cgroup/cpuset: Fix error handling in remote_partition_disable() (Waiman Long) [RHEL-88640]
  • cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask() (Waiman Long) [RHEL-88640]
  • cgroup/cpuset: Fix race between newly created partition and dying one (Waiman Long) [RHEL-88640]
  • cgroup/cpuset: Prevent leakage of isolated CPUs into sched domains (Waiman Long) [RHEL-88640]
  • cgroup/cpuset: Enforce at most one rebuild_sched_domains_locked() call per operation (Waiman Long) [RHEL-88640]
  • cgroup/cpuset: Revert 'Allow suppression of sched domain rebuild in update_cpumasks_hier()' (Waiman Long) [RHEL-88640]
  • cgroup/cpuset: Fix spelling errors in file kernel/cgroup/cpuset.c (Waiman Long) [RHEL-88640]
  • selftest/cgroup: Make test_cpuset_prs.sh deal with pre-isolated CPUs (Waiman Long) [RHEL-88640]
  • cgroup/cpuset: Account for boot time isolated CPUs (Waiman Long) [RHEL-88640]
  • cgroup/cpuset: remove use_parent_ecpus of cpuset (Waiman Long) [RHEL-88640]
  • cgroup/cpuset: remove fetch_xcpus (Waiman Long) [RHEL-88640]
  • selftest/cgroup: Add new test cases to test_cpuset_prs.sh (Waiman Long) [RHEL-88640]
  • cgroup/cpuset: remove child_ecpus_count (Waiman Long) [RHEL-88640]
  • cpuset: use Union-Find to optimize the merging of cpumasks (Waiman Long) [RHEL-88640]
  • Union-Find: add a new module in kernel library (Waiman Long) [RHEL-88640]
  • dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (CKI Backport Bot) [RHEL-86899] {CVE-2025-21966}
  • ixgbe: fix media type detection for E610 device (Corinna Vinschen) [RHEL-85809]
  • ixgbevf: Add support for Intel(R) E610 device (Corinna Vinschen) [RHEL-85809]
  • PCI: Add PCI_VDEVICE_SUB helper macro (Corinna Vinschen) [RHEL-85809]
  • ixgbe: fix media cage present detection for E610 device (Corinna Vinschen) [RHEL-85809]
  • ixgbe: Enable link management in E610 device (Corinna Vinschen) [RHEL-85809]
  • ixgbe: Clean up the E610 link management related code (Corinna Vinschen) [RHEL-85809]
  • ixgbe: Add ixgbe_x540 multiple header inclusion protection (Corinna Vinschen) [RHEL-85809]
  • ixgbe: Add support for EEPROM dump in E610 device (Corinna Vinschen) [RHEL-85809]
  • ixgbe: Add support for NVM handling in E610 device (Corinna Vinschen) [RHEL-85809]
  • ixgbe: Add link management support for E610 device (Corinna Vinschen) [RHEL-85809]
  • ixgbe: Add support for E610 device capabilities detection (Corinna Vinschen) [RHEL-85809]
  • ixgbe: Add support for E610 FW Admin Command Interface (Corinna Vinschen) [RHEL-85809]

[5.14.0-570.16.1_6]

  • soc: qcom: socinfo: Avoid out of bounds read of serial number (Jared Kangas) [RHEL-88252] {CVE-2024-58007}
  • soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (Jared Kangas) [RHEL-88252]
  • soc: qcom: Add check devm_kasprintf() returned value (Jared Kangas) [RHEL-88252]

[5.14.0-570.15.1_6]

  • ice: ensure periodic output start time is in the future (Petr Oros) [RHEL-86021]
  • ice: fix PHY Clock Recovery availability check (Petr Oros) [RHEL-86021]
  • ice: Drop auxbus use for PTP to finalize ice_adapter move (Petr Oros) [RHEL-86021]
  • ice: Use ice_adapter for PTP shared data instead of auxdev (Petr Oros) [RHEL-86021]
  • ice: Initial support for E825C hardware in ice_adapter (Petr Oros) [RHEL-86021]
  • ice: Add ice_get_ctrl_ptp() wrapper to simplify the code (Petr Oros) [RHEL-86021]
  • ice: Introduce ice_get_phy_model() wrapper (Petr Oros) [RHEL-86021]
  • ice: Enable 1PPS out from CGU for E825C products (Petr Oros) [RHEL-86021]
  • ice: Read SDP section from NVM for pin definitions (Petr Oros) [RHEL-86021]
  • ice: Disable shared pin on E810 on setfunc (Petr Oros) [RHEL-86021]
  • ice: Cache perout/extts requests and check flags (Petr Oros) [RHEL-86021]
  • ice: Align E810T GPIO to other products (Petr Oros) [RHEL-86021]
  • ice: Add SDPs support for E825C (Petr Oros) [RHEL-86021]
  • ice: Implement ice_ptp_pin_desc (Petr Oros) [RHEL-86021]

[5.14.0-570.14.1_6]

  • smb: client: fix regression with guest option (Paulo Alcantara) [RHEL-83859]
  • io_uring/sqpoll: zero sqd->thread on tctx errors (CKI Backport Bot) [RHEL-87264] {CVE-2025-21633}
  • nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (Chris Leech) [RHEL-86915] {CVE-2025-21927}
  • iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (CKI Backport Bot) [RHEL-86840] {CVE-2025-21993}
  • certs: Add ECDSA signature verification self-test (Herbert Xu) [RHEL-82247]
  • certs: Move RSA self-test data to separate file (Herbert Xu) [RHEL-82247]
  • certs: Break circular dependency when selftest is modular (Herbert Xu) [RHEL-82247]
  • KEYS: Include linux/errno.h in linux/verification.h (Herbert Xu) [RHEL-82247]
  • crypto: certs: fix FIPS selftest dependency (Herbert Xu) [RHEL-82247]
  • New configs in certs/Kconfig (Fedora Kernel Team) [RHEL-82247]
  • certs: Add support for using elliptic curve keys for signing modules (Herbert Xu) [RHEL-82247]
  • certs: Trigger creation of RSA module signing key if it's not an RSA key (Herbert Xu) [RHEL-82247]
  • tpm: Change to kvalloc() in eventlog/acpi.c (Stepan Horacek) [RHEL-82147] {CVE-2024-58005}

[5.14.0-570.13.1_6]

  • scsi: storvsc: Set correct data length for sending SCSI command without payload (Cathy Avery) [RHEL-83049]
  • hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Maxim Levitsky) [RHEL-85942]
  • net: netvsc: Update default VMBus channels (Maxim Levitsky) [RHEL-85942]
  • net: mana: cleanup mana struct after debugfs_remove() (Maxim Levitsky) [RHEL-85942]
  • net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (Maxim Levitsky) [RHEL-85942]
  • net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (Maxim Levitsky) [RHEL-85942]
  • net: mana: Fix memory leak in mana_gd_setup_irqs (Maxim Levitsky) [RHEL-85942]
  • net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (Maxim Levitsky) [RHEL-85942]
  • net: mana: use ethtool string helpers (Maxim Levitsky) [RHEL-85942]
  • net: mana: Enable debugfs files for MANA device (Maxim Levitsky) [RHEL-85942]
  • net: mana: Add get_link and get_link_ksettings in ethtool (Maxim Levitsky) [RHEL-85942]
  • net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (Maxim Levitsky) [RHEL-85942]
  • net: mana: Improve mana_set_channels() in low mem conditions (Maxim Levitsky) [RHEL-85942]
  • net: mana: Implement get_ringparam/set_ringparam for mana (Maxim Levitsky) [RHEL-85942]
  • net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (Maxim Levitsky) [RHEL-85942]
  • ice: Fix signedness bug in ice_init_interrupt_scheme() (Petr Oros) [RHEL-80557]
  • ice: init flow director before RDMA (Petr Oros) [RHEL-80557]
  • ice: simplify VF MSI-X managing (Petr Oros) [RHEL-80557]
  • ice: enable_rdma devlink param (Petr Oros) [RHEL-80557]
  • ice: treat dyn_allowed only as suggestion (Petr Oros) [RHEL-80557]
  • ice, irdma: move interrupts code to irdma (Petr Oros) [RHEL-80557]
  • ice: get rid of num_lan_msix field (Petr Oros) [RHEL-80557]
  • ice: remove splitting MSI-X between features (Petr Oros) [RHEL-80557]
  • ice: devlink PF MSI-X max and min parameter (Petr Oros) [RHEL-80557]
  • ice: ice_probe: init ice_adapter after HW init (Petr Oros) [RHEL-80557]
  • ice: minor: rename goto labels from err to unroll (Petr Oros) [RHEL-80557]
  • ice: split ice_init_hw() out from ice_init_dev() (Petr Oros) [RHEL-80557]
  • ice: c827: move wait for FW to ice_init_hw() (Petr Oros) [RHEL-80557]
  • smb: client: don't retry IO on failed negprotos with soft mounts (Jay Shin) [RHEL-85524]
  • cgroup: Remove steal time from usage_usec (Waiman Long) [RHEL-85398]
  • rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CKI Backport Bot) [RHEL-85395] {CVE-2024-58069}

Updated packages

Oracle Linux 9

Oracle Linux aarch64

  • kernel-cross-headers 5.14.0-570.17.1.0.1.el9_6
  • kernel-tools-libs-devel 5.14.0-570.17.1.0.1.el9_6
  • kernel-tools-libs 5.14.0-570.17.1.0.1.el9_6
  • kernel-headers 5.14.0-570.17.1.0.1.el9_6
  • perf 5.14.0-570.17.1.0.1.el9_6
  • rtla 5.14.0-570.17.1.0.1.el9_6
  • rv 5.14.0-570.17.1.0.1.el9_6
  • kernel-tools 5.14.0-570.17.1.0.1.el9_6
  • python3-perf 5.14.0-570.17.1.0.1.el9_6

Oracle Linux x86_64

  • kernel-debug-devel 5.14.0-570.17.1.0.1.el9_6
  • kernel-debug-devel-matched 5.14.0-570.17.1.0.1.el9_6
  • kernel-devel 5.14.0-570.17.1.0.1.el9_6
  • kernel-devel-matched 5.14.0-570.17.1.0.1.el9_6
  • kernel-doc 5.14.0-570.17.1.0.1.el9_6
  • kernel-headers 5.14.0-570.17.1.0.1.el9_6
  • perf 5.14.0-570.17.1.0.1.el9_6
  • rtla 5.14.0-570.17.1.0.1.el9_6
  • rv 5.14.0-570.17.1.0.1.el9_6
  • kernel-cross-headers 5.14.0-570.17.1.0.1.el9_6
  • kernel-tools-libs-devel 5.14.0-570.17.1.0.1.el9_6
  • libperf 5.14.0-570.17.1.0.1.el9_6
  • kernel 5.14.0-570.17.1.0.1.el9_6
  • kernel-abi-stablelists 5.14.0-570.17.1.0.1.el9_6
  • kernel-core 5.14.0-570.17.1.0.1.el9_6
  • kernel-debug 5.14.0-570.17.1.0.1.el9_6
  • kernel-debug-core 5.14.0-570.17.1.0.1.el9_6
  • kernel-debug-modules 5.14.0-570.17.1.0.1.el9_6
  • kernel-debug-modules-core 5.14.0-570.17.1.0.1.el9_6
  • kernel-debug-modules-extra 5.14.0-570.17.1.0.1.el9_6
  • kernel-debug-uki-virt 5.14.0-570.17.1.0.1.el9_6
  • kernel-modules 5.14.0-570.17.1.0.1.el9_6
  • kernel-modules-core 5.14.0-570.17.1.0.1.el9_6
  • kernel-modules-extra 5.14.0-570.17.1.0.1.el9_6
  • kernel-tools 5.14.0-570.17.1.0.1.el9_6
  • kernel-tools-libs 5.14.0-570.17.1.0.1.el9_6
  • kernel-uki-virt 5.14.0-570.17.1.0.1.el9_6
  • kernel-uki-virt-addons 5.14.0-570.17.1.0.1.el9_6
  • python3-perf 5.14.0-570.17.1.0.1.el9_6

Related vulnerabilities

ubuntu
about 2 months ago

In the Linux kernel, the following vulnerability has been resolved:

net: ppp: Add bound checking for skb data on ppp_sync_txmung

Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing short packets.

When ppp_sync_txmung receives an incoming package with an empty payload:

    (remote) gef➤ p *(struct pppoe_hdr *) (skb->head + skb->network_header)
    $18 = {
      type = 0x1,
      ver = 0x1,
      code = 0x0,
      sid = 0x2,
      length = 0x0,
      tag = 0xffff8880371cdb96
    }

from the skb struct (trimmed)

    tail = 0x16,
    end = 0x140,
    head = 0xffff88803346f400 "4",
    data = 0xffff88803346f416 ":\377",
    truesize = 0x380,
    len = 0x0,
    data_len = 0x0,
    mac_len = 0xe,
    hdr_len = 0x0,

it is not safe to access data[2].

[pabeni@redhat.com: fixed subj typo]

CVSS3: 6.1
redhat
about 2 months ago


nvd
about 2 months ago


debian
about 2 months ago

In the Linux kernel, the following vulnerability has been resolved: n ...

github
about 2 months ago
